EFI Firmware Passwords / PreImaging / Newer Model MacBooks

waltnerc
New Contributor II

I have a number of new MacBook Airs arriving in a week. I'm looking for an easy way to set the EFI Firmware Password. I thought I would setup a pre-image and define it in there to automate the process. Then I ran across this article:

http://www.cnet.com/news/efi-firmware-protection-locks-down-newer-macs/

Can anyone confirm what this article says about setting the EFI Firmware password in newer model macs? Does this mean that setting up an EFI Firmware Password with a pre-image on newer Apple products is a nonstarter?

1 REPLY 1

mm2270
Legendary Contributor III

Resetting the Firmware Password via some hardware change hasn't been an option on Macs for several years now, so nothing in that article is all that relevant. You have to go back to around 2010 models to be able to bypass it in that manner.

In regards to pre-configuring the FW password in your image, I'm not certain if that's ever really been an option. If it once worked, I'd say it was more a fluke or bug than a feature. You'll want to set the Firmware Password in a script that runs as part of the "firstrun" by calling the setregproptool binary that's embedded in the Firmware Password Utility.app's Resources folder. Package and deploy that into a location on the Macs at imaging time, such as in /Library/Application Support/JAMF/
You can grab the setregproptool from the Mac's own Recovery HD partition if that helps.

Then call it in a script with something like

/path/to/setregproptool -p "some_password" -m command

There are other more detailed posts on how to do this, so the above is just a quick overview.